InfoSecBulletin Cybersecurity for mankind
South Korea’s privacy regulator said on Thursday (June 11) that the country will fine e-commerce giant Coupang 625 billion won ($409.30 million) over a massive leak of customer information last year and illegal collection of personal information, in the country’s largest data breach penalty on a company.
The Personal Information Protectin Commission said the New York-listed company had leaked personal data of more than 33 million customers and failed to detect the breach within the 72 hours required by the law.
South Korea fines Coupang Record $409 mln fine for data leak
ShinyHunters claim stolen data from 100+ org via oracle PeopleSoft servers
Security Update: RoguePlanet, BitLocker Bypass, Chromium Zero-Day, and More Critical Threats Uncovered
73 Microsoft Packages Compromised in Password Stealer Attack
New Windows Defender ‘RoguePlanet’ zero-day grants SYSTEM privileges
Microsoft June Patches 200 Vulnerabilities including 3 zero days
World’s first wind power underwater data center is now live
VMware Fixed Multiple Flaws Allow Attackers to Inject Malicious Scripts
CVE-2026-50751
Check Point VPN 0-day Flaw Exploited in the Wild
AI-designed First ‘universal vaccine’ tested in humans
“This accident occurred due to Coupang’s lack of safety measures and systems, not sophisticated hacking,” Song Kyung-hee, the chairperson of the privacy regulator, told a briefing on Thursday.
“We have decided to impose a total of 624.68 billion won in fines … on Coupang for violating safety obligations and collecting personal data without legal grounds,” a Personal Information Protection Commission statement said.
“Inadequate basic safeguards, including poor management of authentication signing keys and lax access controls” resulted in the personal data of around 37.5 million users being exposed, the commission said.
The fine amounts to 1.4% of Coupang’s revenue of 45 trillion won in 2025, according to Reuters’ calculation. After the fine was announced, Coupang apologised for having caused concern to the public and its customers.
However, the company said that “we regret that our proactive measures to prevent secondary harm from last year’s data leak incident, as well as our explanations based on clear facts, were not sufficiently reflected” in the regulator’s decision.
ShinyHunters claim stolen data from 100+ org via oracle PeopleSoft servers
